The RCurl package in R works fine for redirects. We use the
getBinaryURL() function to accept a redirect after passing in digest
authentication, which allows access to restricted datasets. We do not
currently use https for this purpose, however.
-Rob
> On Dec 22, 2015, at 2:33 PM, Roy Mendelssohn - NOAA Federal
> <roy.mendelssohn@xxxxxxxx> wrote:
>
> Hi Dennis:
>
> Thank you kindly. But what I need is where http is not allowed, and that
> the http request is redirected to https. If most libraries can handle that
> smoothly, then we have an easy path to having only https responses. If not,
> we have problems.
>
> Have a good holiday.
>
> -Roy
>
>
>> On Dec 22, 2015, at 2:29 PM, dmh@xxxxxxxx wrote:
>>
>> Roy-
>> We (Unidata/netcdf-c) have a test server that supports both http:
>> and https:. You might try it as long as not too much traffic
>> is generated. The server is remotetest.unidata.ucar.edu/thredds
>> =Dennis Heimbigner
>>
>> p.s. the netcdf-c library supports https via curl (There is documentation
>> in the library: auth.html).
>> I am currently in the process of upgrading the authorization support
>> in netcdf-java. The existing one works with https:, but does not
>> support e.g. URS.
>>
>> On 12/22/2015 3:00 PM, Roy Mendelssohn - NOAA Federal wrote:
>>> When I get some time, we will be setting up a test service. My brief
>>> experience with some libraries in Python and R, assuming I did things
>>> correctly which may not be the case, is that they won’t handle the redirect
>>> properly. Moreover, for many of the users I can’t be certain as to exactly
>>> what they are using to get the data.
>>>
>>> It is pretty clear that when the executive order was made they were
>>> thinking of web pages accessed by modern web browsers. In those cases, a
>>> redirect will work fine. I do not think they thought a lot about web
>>> services accessed by scripts, and whether those would work okay. Or if
>>> they did, they are assuming a closed, readily accessed environment, that
>>> can readily be notified of a change like that. However, that is not the
>>> environment we operate in. We have 100’s if not 1000’s of outside users
>>> who routinely access our data services using scripts. Even if we can run
>>> http and https side by side will be okay, For those who want assurance of
>>> who they are connecting to, https.
>>>
>>> And when we get a test site up, I will do some timings. We get some very
>>> big requests from users, if using https truly slows things down that much,
>>> ouch.
>>>
>>> -Roy
>>>
>>>
>>>
>>>
>>>> On Dec 22, 2015, at 1:16 PM, John Caron <jcaron1129@xxxxxxxxx> wrote:
>>>>
>>>> usually with libraries like curl, apps like wget will handle the redirects
>>>> transparently, but of course one must test....
>>>>
>>>> On Tue, Dec 22, 2015 at 1:49 PM, Roy Mendelssohn - NOAA Federal
>>>> <roy.mendelssohn@xxxxxxxx> wrote:
>>>> Our problem is we have services used by 100’s of people in scripts, and
>>>> this will likely break them all, as in many languages even f there is a
>>>> redirect, the script can’t handle the response.
>>>>
>>>> -roy
>>>>> On Dec 22, 2015, at 12:09 PM, Gerry Creager - NOAA Affiliate
>>>>> <gerry.creager@xxxxxxxx> wrote:
>>>>>
>>>>> Just to touch on the subject of exemptions, We've tried and been denied.
>>>>> We're encrypting everything. No, scientific data use cases were not
>>>>> considered, but that's not done us much good to date.
>>>>>
>>>>> Gerry
>>>>>
>>>>> On Fri, Dec 18, 2015 at 1:05 PM, Antonio S. Cofiño <cofinoa@xxxxxxxxx>
>>>>> wrote:
>>>>> AJP protocol is configured ProxyPass using the mod_proxy_ajp
>>>>> ProxyPass /app ajp://backend.example.com:8009/app
>>>>>
>>>>> may be you mean using a directly the http protocol for proxying the
>>>>> backend
>>>>> ProxyPass /app http://backend.example.com:8080/app
>>>>>
>>>>> ajp, is more convenient because simplify the things and make transparent
>>>>> the proxying process to tomcat connector, i.e. the info about the SSL
>>>>> connection between the frontend and client.
>>>>>
>>>>> Here there is some doc:
>>>>> https://tomcat.apache.org/connectors-doc/common_howto/proxy.html
>>>>>
>>>>> http protocol, can be also repleace ajp, but you need to make some
>>>>> "plumbing" with HTTP headers and tomcat connectors
>>>>>
>>>>> Antonio
>>>>>
>>>>> El 18/12/2015 a las 19:39, Guan Wang escribió:
>>>>>> Hi John,
>>>>>>
>>>>>>
>>>>>> Is AJP having any advantage particularly over ProxyPass?
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>>
>>>>>> Guan
>>>>>>
>>>>>>
>>>>>> From: thredds-bounces@xxxxxxxxxxxxxxxx
>>>>>> [mailto:thredds-bounces@xxxxxxxxxxxxxxxx] On Behalf Of John Caron
>>>>>> Sent: Friday, December 18, 2015 12:56 PM
>>>>>> To: James Gallagher
>>>>>> Cc: THREDDS THREDDS
>>>>>> Subject: Re: [thredds] TDS and HTTPS
>>>>>>
>>>>>>
>>>>>> I agree, an Apache front end is a simple and standard thing to do.
>>>>>>
>>>>>>
>>>>>> AFAIU, the user still is using SSL encryption, its just that Apache is
>>>>>> doing that instead of Tomcat. So it would be good for any of us to make
>>>>>> some measurements comparing large binary data transfers.
>>>>>>
>>>>>>
>>>>>> On Fri, Dec 18, 2015 at 10:42 AM, James Gallagher
>>>>>> <jgallagher@xxxxxxxxxxx> wrote:
>>>>>>
>>>>>>
>>>>>> On Dec 18, 2015, at 9:06 AM, Steve Ansari - NOAA Federal
>>>>>> <steve.ansari@xxxxxxxx> wrote:
>>>>>>
>>>>>>
>>>>>> Sure - I'll follow up offline.
>>>>>>
>>>>>>
>>>>>> Steve
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Dec 18, 2015 at 11:04 AM, Roy Mendelssohn - NOAA Federal
>>>>>> <roy.mendelssohn@xxxxxxxx> wrote:
>>>>>>
>>>>>> Hi Steve
>>>>>>
>>>>>> I was hoping that would work. That any proxying, whether AJP or other,
>>>>>> would be hidden. I have had problems in the past getting AJP proxying
>>>>>> to work, if I need to do that. Can you send me (offline) the part of
>>>>>> you httpd.conf where you proxy over to tomcat using AJP?
>>>>>>
>>>>>>
>>>>>> We have had good success using Apache & AJP. Apache as a front end
>>>>>> provides a number of options, particularly WRT authentication and this
>>>>>> might provide for a compromise should HTTPS be too much of a bottle
>>>>>> neck. I have not tested the impact of HTTPS compared to HTTP (it would
>>>>>> be easy enough to do using simple file transfers).
>>>>>>
>>>>>>
>>>>>> James
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> -Roy
>>>>>>
>>>>>>
>>>>>>> On Dec 18, 2015, at 7:59 AM, Steve Ansari - NOAA Federal
>>>>>>> <steve.ansari@xxxxxxxx> wrote:
>>>>>>>
>>>>>>> Hey Roy,
>>>>>>>
>>>>>>> We are using Apache to handle all the HTTPS stuff. Apache then
>>>>>>> forwards requests to Tomcat and TDS using AJP.
>>>>>>> https://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html
>>>>>>>
>>>>>>> Our TDS:
>>>>>>> https://www.ncdc.noaa.gov/thredds/catalog.html
>>>>>>>
>>>>>>>
>>>>>>> Steve
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Dec 18, 2015 at 10:29 AM, Roy Mendelssohn - NOAA Federal
>>>>>>> <roy.mendelssohn@xxxxxxxx> wrote:
>>>>>>> Hi All:
>>>>>>>
>>>>>>> As I hope you know, the Federal government is required to migrate to
>>>>>>> https for all services in the next1.5 years. My question is can the
>>>>>>> TDS work with https? If so, can you point me to any documents or what
>>>>>>> changes, if any, need to be made to use https. If not, are there plans
>>>>>>> to incorporate this ability into TDS?
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> -Roy
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> **********************
>>>>>>> "The contents of this message do not reflect any position of the U.S.
>>>>>>> Government or NOAA."
>>>>>>> **********************
>>>>>>> Roy Mendelssohn
>>>>>>> Supervisory Operations Research Analyst
>>>>>>> NOAA/NMFS
>>>>>>> Environmental Research Division
>>>>>>> Southwest Fisheries Science Center
>>>>>>> ***Note new address and phone***
>>>>>>> 110 Shaffer Road
>>>>>>> Santa Cruz, CA 95060
>>>>>>> Phone: (831)-420-3666
>>>>>>> Fax: (831) 420-3980
>>>>>>> e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/
>>>>>>>
>>>>>>> "Old age and treachery will overcome youth and skill."
>>>>>>> "From those who have been given much, much will be expected"
>>>>>>> "the arc of the moral universe is long, but it bends toward justice"
>>>>>>> -MLK Jr.
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> thredds mailing list
>>>>>>> thredds@xxxxxxxxxxxxxxxx
>>>>>>> For list information or to unsubscribe, visit:
>>>>>>> http://www.unidata.ucar.edu/mailing_lists/
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Steve Ansari
>>>>>>> Physical Scientist
>>>>>>> NOAA National Centers for Environmental Information (NCEI)
>>>>>>> (828) 271-4611
>>>>>>>
>>>>>>> The newly formed NCEI merges the National Oceanographic Data Center
>>>>>>> (NODC), the National Climatic Data Center (NCDC), and the National
>>>>>>> Geophysical Data Center (NGDC).
>>>>>> **********************
>>>>>> "The contents of this message do not reflect any position of the U.S.
>>>>>> Government or NOAA."
>>>>>> **********************
>>>>>> Roy Mendelssohn
>>>>>> Supervisory Operations Research Analyst
>>>>>> NOAA/NMFS
>>>>>> Environmental Research Division
>>>>>> Southwest Fisheries Science Center
>>>>>> ***Note new address and phone***
>>>>>> 110 Shaffer Road
>>>>>> Santa Cruz, CA 95060
>>>>>> Phone: (831)-420-3666
>>>>>> Fax: (831) 420-3980
>>>>>> e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/
>>>>>>
>>>>>> "Old age and treachery will overcome youth and skill."
>>>>>> "From those who have been given much, much will be expected"
>>>>>> "the arc of the moral universe is long, but it bends toward justice"
>>>>>> -MLK Jr.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Steve Ansari
>>>>>>
>>>>>> Physical Scientist
>>>>>>
>>>>>> NOAA National Centers for Environmental Information (NCEI)
>>>>>>
>>>>>> (828) 271-4611
>>>>>>
>>>>>>
>>>>>> The newly formed NCEI merges the National Oceanographic Data Center
>>>>>> (NODC), the National Climatic Data Center (NCDC), and the National
>>>>>> Geophysical Data Center (NGDC).
>>>>>>
>>>>>> _______________________________________________
>>>>>> thredds mailing list
>>>>>> thredds@xxxxxxxxxxxxxxxx
>>>>>> For list information or to unsubscribe, visit:
>>>>>> http://www.unidata.ucar.edu/mailing_lists/
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> James Gallagher
>>>>>> jgallagher@xxxxxxxxxxx
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> thredds mailing list
>>>>>> thredds@xxxxxxxxxxxxxxxx
>>>>>> For list information or to unsubscribe, visit:
>>>>>> http://www.unidata.ucar.edu/mailing_lists/
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> thredds mailing list
>>>>>>
>>>>>> thredds@xxxxxxxxxxxxxxxx
>>>>>>
>>>>>> For list information or to unsubscribe, visit:
>>>>>> http://www.unidata.ucar.edu/mailing_lists/
>>>>>
>>>>> _______________________________________________
>>>>> thredds mailing list
>>>>> thredds@xxxxxxxxxxxxxxxx
>>>>> For list information or to unsubscribe, visit:
>>>>> http://www.unidata.ucar.edu/mailing_lists/
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Gerry Creager
>>>>> NSSL/CIMMS
>>>>> 405.325.6371
>>>>> ++++++++++++++++++++++
>>>>> “Big whorls have little whorls,
>>>>> That feed on their velocity;
>>>>> And little whorls have lesser whorls,
>>>>> And so on to viscosity.”
>>>>> Lewis Fry Richardson (1881-1953)
>>>>> _______________________________________________
>>>>> thredds mailing list
>>>>> thredds@xxxxxxxxxxxxxxxx
>>>>> For list information or to unsubscribe, visit:
>>>>> http://www.unidata.ucar.edu/mailing_lists/
>>>> **********************
>>>> "The contents of this message do not reflect any position of the U.S.
>>>> Government or NOAA."
>>>> **********************
>>>> Roy Mendelssohn
>>>> Supervisory Operations Research Analyst
>>>> NOAA/NMFS
>>>> Environmental Research Division
>>>> Southwest Fisheries Science Center
>>>> ***Note new address and phone***
>>>> 110 Shaffer Road
>>>> Santa Cruz, CA 95060
>>>> Phone: (831)-420-3666
>>>> Fax: (831) 420-3980
>>>> e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/
>>>>
>>>> "Old age and treachery will overcome youth and skill."
>>>> "From those who have been given much, much will be expected"
>>>> "the arc of the moral universe is long, but it bends toward justice" -MLK
>>>> Jr.
>>>>
>>>> _______________________________________________
>>>> thredds mailing list
>>>> thredds@xxxxxxxxxxxxxxxx
>>>> For list information or to unsubscribe, visit:
>>>> http://www.unidata.ucar.edu/mailing_lists/
>>>>
>>> **********************
>>> "The contents of this message do not reflect any position of the U.S.
>>> Government or NOAA."
>>> **********************
>>> Roy Mendelssohn
>>> Supervisory Operations Research Analyst
>>> NOAA/NMFS
>>> Environmental Research Division
>>> Southwest Fisheries Science Center
>>> ***Note new address and phone***
>>> 110 Shaffer Road
>>> Santa Cruz, CA 95060
>>> Phone: (831)-420-3666
>>> Fax: (831) 420-3980
>>> e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/
>>>
>>> "Old age and treachery will overcome youth and skill."
>>> "From those who have been given much, much will be expected"
>>> "the arc of the moral universe is long, but it bends toward justice" -MLK
>>> Jr.
>>>
>>> _______________________________________________
>>> thredds mailing list
>>> thredds@xxxxxxxxxxxxxxxx
>>> For list information or to unsubscribe, visit:
>>> http://www.unidata.ucar.edu/mailing_lists/
>>
>
> **********************
> "The contents of this message do not reflect any position of the U.S.
> Government or NOAA."
> **********************
> Roy Mendelssohn
> Supervisory Operations Research Analyst
> NOAA/NMFS
> Environmental Research Division
> Southwest Fisheries Science Center
> ***Note new address and phone***
> 110 Shaffer Road
> Santa Cruz, CA 95060
> Phone: (831)-420-3666
> Fax: (831) 420-3980
> e-mail: Roy.Mendelssohn@xxxxxxxx www: http://www.pfeg.noaa.gov/
>
> "Old age and treachery will overcome youth and skill."
> "From those who have been given much, much will be expected"
> "the arc of the moral universe is long, but it bends toward justice" -MLK Jr.
>
> _______________________________________________
> thredds mailing list
> thredds@xxxxxxxxxxxxxxxx
> For list information or to unsubscribe, visit:
> http://www.unidata.ucar.edu/mailing_lists/